Published: 19/08/2011 Updated: 07/02/2022

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 454

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS prior to 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and previous versions, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and previous versions, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote malicious users to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.

Vulnerable Product	Search on Vulmon	Subscribe to Product
swi-prolog swi-prolog
apple cups
gimp gimp

Debian Bug report logs - #643753 CVE-2011-2896: LZW buffer overflow Package: gimp; Maintainer for gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for gimp is src:gimp (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Thu, 29 Sep 2011 10:24 ...

GIMP could be made to run programs as your login if it opened a specially crafted GIF file ...

An attacker could send crafted print jobs to CUPS and cause it to crash or run programs ...

Synopsis Low: cups security and bug fix update Type/Severity Security Advisory: Low Topic Updated cups packages that fix one security issue and various bugs are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having lowsecurity impact A Common Vulnera ...

Synopsis Moderate: gimp security update Type/Severity Security Advisory: Moderate Topic Updated gimp packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Sco ...

Synopsis Moderate: gimp security update Type/Severity Security Advisory: Moderate Topic Updated gimp packages that fix three security issues are now available forRed Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Scorin ...

Synopsis Low: cups security and bug fix update Type/Severity Security Advisory: Low Topic Updated cups packages that fix one security issue and several bugs are nowavailable for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having lowsecurity impact A Common Vulnera ...

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the CUPS printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files For the oldstable distribution (lenny), this problem has been fixed in version 138-1+lenny10 For the stable distribution (squee ...

Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-uic in the LIGHTING EFFECTS & LIGHT plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly ...

CWE-787 https://bugzilla.redhat.com/show_bug.cgi?id=727800 http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc https://bugzilla.redhat.com/show_bug.cgi?id=730338 http://cups.org/str.php?L3867 http://secunia.com/advisories/45621 http://www.openwall.com/lists/oss-security/2011/08/10/10 http://www.ubuntu.com/usn/USN-1207-1 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html http://secunia.com/advisories/46024 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html http://www.securitytracker.com/id?1025929 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html http://secunia.com/advisories/45945 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html http://secunia.com/advisories/45948 http://www.securityfocus.com/bid/49148 http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 http://secunia.com/advisories/45900 http://www.ubuntu.com/usn/USN-1214-1 http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 http://www.redhat.com/support/errata/RHSA-2011-1635.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 http://rhn.redhat.com/errata/RHSA-2012-1180.html http://rhn.redhat.com/errata/RHSA-2012-1181.html http://secunia.com/advisories/50737 http://security.gentoo.org/glsa/glsa-201209-23.xml http://www.debian.org/security/2011/dsa-2354 http://secunia.com/advisories/48236 http://secunia.com/advisories/48308 http://www.debian.org/security/2012/dsa-2426 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643753 https://usn.ubuntu.com/1214-1/https://nvd.nist.gov

CVE-2011-2896

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect